
WE CLAIM: 

^ An architecture for a network access server, the architecture compyi^ing: 
a first network interface device (376A) for communicating with a first/6etwork (50) 
having a first protocol type, where the first network interface device hasXfirst interface terminal 
5 for coupling to the first network and a second interface terminal, amfwhere the first network 
device is configured to perform processing for the first protocanype for data packets exchanged 
between the first and second interface terminals of the firs^etwork device; 

a second network interface device (382) for communicating with a second network (52) 
having a second protocol type, where the second network interface device has a first interface 
3io terminal for coupling to the second network apid a second interface terminal coupled to the 
y; second interface terminal of the first netwc/rk device, and where the second network device is 
y configured to perform processing for me second protocol type for a first type of data packet 
exchanged between the first and second interface terminals of the second network device; and 
a third network interface device (500) for communicating with the second network (52), 
IJl 5 where the third network int6rface device has a first interface terminal for coupling to the second 
network, a second interface terminal coupled to the second interface terminal of the first network 
device, and a third interface terminal coupled to the first interface terminal of the second network 
device, and where the third network device is configured to perform processing for the second 
protocol type for a second type of data packet exchanged between the first and second interface 
20 terminal/ of the third network device, the third network interface device being fiirther configured 
to detect reception of the first type of data packet at the first interface terminal of the third 
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network interface device and route the first type of data packet to the third interface terminal of 
the third network interface device. 

The architeeiure of claim 1, wherein the first protocol type of the first network is a 
first real-time sensitive |)rot0col and the second protocol type is a second real-time sensitive 
protocol configured to roul[e each data packet to a destination address included in each data 
packet. 

3. The architecturej»f€lmm 2, wherein the first protocol type is one of H.323 and 
^ I H.324, and the sec^ud^tocol type is IP/RTP. 

4. The architecture of claim 3, wherein the first type of data packet is an 
unencrypted IP data packet and the second type of data packet is an encrypted data packet. 




5 5 . The architecture of claim 4, where the second type of data packet is an IPsec 

O encrypted data packet. 



20 



6. The architecture of claim 5, where the third network interface device is 
configured to identify the second type of data packet by determining whether one of an AH field 
and an ESP field is present in a predetermined header of the second type of data packet, and 
where the third network interface device is further configured to detect the first type of data 
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packet by detecting that the AH field and the ESP field are absent fi-om the predetermined header 
of the first type of data packet. 

7. The architecture of claim 1 , wherein the second and third network interface 
5 devices share a predetermined network address on the second network. 



8. The architecture of claim 1, wherein the third network interface device fiirther 
comprises: 

a switching device having a first terminal coupled to the first interface terminal of the 
QiO third network interface device, a second terminal, and a third terminal coupled to the third 

interface terminal of the third network interface device, where the switching device is configured 
to identify the first type of data packet received at the first terminal and route it to the third 
1=^^ terminal and identify the second type of data packet received at the first terminal and route it to 
the second terminal; and 

rijl 5 a fourth network interface device for processing the second protocol type for the second 

fl type of data packet, where the fourth network interface device has a first terminal coupled to the 

second terminal of the switching device and a second terminal coupled to the second interface 

terminal of the third network interface device. 



20 9. The architecture of claim 8, where the switching device holds a predetermined 

network address on the second network that is shared by the second and fourth network interface 
devices. 
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\\^ A method for processing data packets in a network access device, the method 
comprising the steps of: 

receiving a data packet from a first network; 

determining whether the data packet has a first protocol type field in a header of the data 

packet; 

routing the data packet to a first gateway device for processing when the data packet has 
the first protocol type field; and 

routing the data packet to a second gateway device for processing when the data packet 
does not have the first protocol type field. 



I 1 1 , A computer readable medium having stored therein instructions for causing a central 

jij processing unit to execute the method of claim 10. 



12. Themethod/6f 
processing the dat 




im 1 1, the method fiirther including: 

t for a real-time sensitive protocol in the first gateway device; 



and 




processing the data packet for a security protocol and for the real-time sensitive protocol 
in the second gateway device. 



13. The method of claim llymicrc the real-time sensitive protocol is RTP and the 



security protocol is IPsec. 
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14. The method of claim 12, further ingjadrng the steps of: 

routing the data packet to a thiM^ggfeway device after processing by the first gateway 
device, where the third gate^f/^ device is coupled to a second network; and 

routing thp^data packet to the third gateway device after processing by the second 
gatewavji^ice. 



15. The method of claim 14, where the real-time sensitive protocol is RTP and the 
security protocol is IPsec, and including the step of processing the data packet for one of an 
3lO H.323 and an H.324 protocol in the third gateway device. 



yi5 



16. The method of claim 10, where the step of receiving a data packet firom a first 
network includes using a single predetermined address for receiving the data packet from the 
first network when the data packet has the first protocol type field in the header of the data 
packet and when the data packet does not have the first protocol type field in the header of the 
data packet. 
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1^ A network access server for communicating between first and second netji^of^, 
/the server comprising: 

a first gateway device for processing data flow betweeiMHe^first network and the network 
access server; 

5 a second gateway device for processiiT^ data flow between the first gateway device and 

the second network; 

a switching devicaiiiterposed the second gateway device and the second network for 
routing a first typp/<jf data packet fi-om the second network to the second gateway device and for 
processingXsecond type of data packet fi*om the second network and routing the second type of 
Mo data^cket to the first gateway device. 

18. The network access server of claim 17, where the network access server has a 
single predetermined address on the second network. 



ms 19. Thenetwc 



encrypted packet and/whe 



:ess server of claim 17, where the second type of data packet is an 



bpe switching device is configured to decrypt the second type of 
packet and route th^j^oqd type of packet to the first gateway device based upon decrypted 
header information. 



20 20. The network access server of claim 17, where the second type of data packet is 

an IPsec encrypted packet and where the switching device is configured to perform IPsec 
decryption of the second type of packet. 
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2 1 . The network access server of claim 20, where the switching device is configured 
to identify the second type of data packet by detecting whether one of an AH field and an ESP 
field is present in a predetermined header of the second type of packet. 

5 

22. The network access server of claim 20, where the switching device is configured 
to route the second type of packet to the first gateway device based upon a decrypted UDP 
header in the second type of packet. 

3o 23. The network access server of claim 22, where the first network is a PSTN and the 

first gateway device is configured to process one of an H.323 and an H.324 protocol. 

m 24. The network access server of claim 23, where the second network is an internet 

protocol (IP) network, the second gateway device is configured to perform RTP protocol 
^ 45 processing, and the switching device is configured to perform RTP protocol processing. 
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